How secured actions work

Using secured actions is a two-step process. You first generate a link containing the security key, and later verify that key when the user clicks on the action, which executes a function from a file in the action/ directory.

{{{The securiser_action() function}}}

The securiser_action() function, stored in the ecrire/inc/securiser_action.php file, creates or verifies an action. During creation, depending on the $mode argument, it creates a URL, a form, or simply returns an array with the requested parameters and the generated key. During verification, it compares the elements submitted by GET (URL) or POST (form) and, if the key does not match the current author, stops the script with an error message.

{{{Generating a key}}}

To generate a key, call the function with the right parameters:
$securiser_action = charger_fonction('securiser_action','inc');
$securiser_action($action, $arg, $redirect, $mode);
These four parameters are the main ones used:
-* $action is the name of the action file and of the corresponding action (action/name.php and the associated function action_name_dist())
-* $arg is the argument passed, for example supprimer/article/3, which is used, among other things, to generate the security key.
-* $redirect is a URL to redirect to after the action has been performed.
-* $mode indicates what should be returned:
-** false: a URL
-** -1: an array of parameters
-** text content: a form to be submitted (the content is then added to the form)

{{{Inside an action, verifying and retrieving the argument}}}

Within an action function (action_name_dist()), we verify the security key by calling the function without any argument. It returns the argument (otherwise it displays an error and stops the script):
$securiser_action = charger_fonction('securiser_action','inc');
$arg = $securiser_action();
// from here on, we know that the author is the right person!
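
To make the two steps concrete, here is a simplified stand-alone model of the round trip, added as an illustration and not taken from SPIP's source. The model_* function names, the HMAC-SHA256 construction and the sample values are assumptions, since the page does not show how the real key is derived.

```php
<?php
// Added illustration: a simplified stand-in for the two-step flow, NOT SPIP's code.
// The model_* names and the HMAC-SHA256 construction are assumptions.

// Derive a key bound to the action name, its argument and the author.
function model_key(string $action, string $arg, int $id_author, string $secret): string {
    // Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    $msg = '';
    foreach ([$action, $arg, (string) $id_author] as $field) {
        $msg .= strlen($field) . ':' . $field;
    }
    return hash_hmac('sha256', $msg, $secret);
}

// Step 1: the equivalent of asking for "an array of parameters",
// i.e. what the generated link or form carries.
function model_generate(string $action, string $arg, int $id_author, string $secret): array {
    return [
        'action' => $action,
        'arg'    => $arg,
        'hash'   => model_key($action, $arg, $id_author, $secret),
    ];
}

// Step 2: inside the action, recompute the key for the *current* author and
// compare in constant time. Returns the argument, or null on a mismatch
// (the real function stops the script with an error instead).
function model_verify(array $request, int $current_author, string $secret): ?string {
    foreach (['action', 'arg', 'hash'] as $k) {
        if (!isset($request[$k]) || !is_string($request[$k])) {
            return null; // missing or array-valued parameter
        }
    }
    $expected = model_key($request['action'], $request['arg'], $current_author, $secret);
    return hash_equals($expected, $request['hash']) ? $request['arg'] : null;
}

// Constructed sample data.
$secret = 'constructed-secret';
$link = model_generate('supprimer_truc', 'supprimer/article/3', 7, $secret);

var_dump(model_verify($link, 7, $secret)); // unchanged request, same author
var_dump(model_verify(['arg' => 'supprimer/article/4'] + $link, 7, $secret)); // argument altered
var_dump(model_verify($link, 8, $secret)); // same link submitted by another author
```

Only the first call returns the argument; the other two return null because the recomputed key no longer matches the submitted one.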

Author Mark Baber Published : Updated : 12/05/17
